Cyber Safety Review Board to probe Lapsus$ ransomware spree – Cybersecurity Dive




Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.
The Cyber Safety Review Board is set to examine the Lapsus$ ransomware gang, the U.S. Department of Homeland Security announced Friday. A prolific group, Lapsus$ has targeted a wide range of global companies and government agencies, sometimes with ruthless digital extortion, since late 2021. 
The 15-member board, chaired by DHS Under Secretary for Policy Robert Silvers, reviewed the ransomware group’s activities over the past year and sent recommendations to President Joe Biden via Homeland Security Secretary Alejandro Mayorkas and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
Lapsus$ has heavily targeted critical infrastructure providers following an initial attack on the Brazil Ministry of Health last year. The group has been linked to a series of high-profile attacks against major companies ranging from T-Mobile to Nvidia and ride-hailing giant Uber. 
“The CSRB will review how this group has allegedly impacted some of the biggest companies in the world, in some cases with relatively unsophisticated techniques, and determine how we all can build resilience against innovative social engineering tactics and address the role of international partnerships in combating criminal cyber actors,” Mayorkas said Friday during a conference call with reporters. “As cyberthreats continue to evolve, we have to evolve the methods we use to protect ourselves against cybercriminal activity and increase our resilience against future attacks.”
In its first review, the CSRB found Log4j to be an “endemic vulnerability,” with ramifications that could extend years into the future. 
The report said attacks stemming from Log4j were at lower levels than initially feared, but highlighted the inherent risks of widespread open source computing due to a lack of financial and labor resources.
CSRB Deputy Chair Heather Adkins, VP of security engineering at Google, noted that many of the reported targets of Lapsus$ were considered to have very strong cybersecurity programs. These organizations had followed recommended security controls, and in some cases even advanced controls, but still felt a significant impact from the attacks. 
Several alleged members of the extortion gang have been arrested, but researchers suspect other affiliates of Lapsus$ remain unaccounted for.